 |
The Most Important Hardware Weaknesses (MIHW) empowers organizations with the knowledge to proactively strengthen hardware security and reduce risks at the source. The 2025 CWE™ MIHW represents a refreshed and enhanced effort to identify and educate the cybersecurity community about critical hardware weaknesses.
This update incorporates advancements in data collection and analysis, leveraging AI-assisted data collection alongside expert opinions from the Hardware CWE Special Interest Group (SIG), which includes subject matter experts from the hardware design, manufacturing, research, and security domains, as well as academia and government.
This approach combines data-driven analysis with collaborative subject matter expertise, ensuring the 2025 MIHW brings relevant and actionable insight for addressing persistent and emerging hardware security challenges.
|
| The 2025 List |
Insights |
Methodology |
Use Cases |
Paper |
The decision to update the CWE Most Important Hardware Weaknesses List was driven by significant changes in the hardware security
landscape and the evolution of the Hardware CWE corpus since the last update in October 2021 (based on CWE version 4.6). Since
then and through CWE version 4.17, the CWE hardware view has introduced several new and updated entries, including the addition
of new classes, categories, and base weaknesses relevant to emerging hardware security concerns.
Additionally, there has been increased attention to hardware security in recent years, resulting in a greater availability of
data to inform the analysis and prioritization of hardware weaknesses.
If you are interested in joining the Hardware CWE SIG, please email
cwe@mitre.org.
Acknowledgements
The 2025 CWE Hardware team includes (in alphabetical order by last name): Steve Christey Coley, Bob Heinemann, Gananand Kini, and
Alec Summers.
We extend our deepest gratitude to the 2025 MIHW Working Group (a subgroup of
HW SIG
members), whose dedication and hard work made the weakness data collection (WDC) possible. We are also sincerely thankful
to the respondents of the MIHW polls for sharing their expert insights, and to all members of the HW SIG for their ongoing
support and contributions (names are in alphabetical order by first name).
| 2025 MIHW Working Group |
MIHW Poll Respondents |
Andreas Schweiger, Airbus
Arun Kanuparthi, Intel Corporation
Arun Jain, NXP
Hareesh Khattri, Intel Corporation
Irena Bojanova, NIST
Jason Oberg, Cycuity
Jason Fung, Intel Corporation
Jeremy Lee, Capsia Technologies
Keerthi Devraj, Siemens
Mitchell Poplingher, Lockheed Martin
Parbati Manna, Intel Corporation
Sandy Frost, Los Alamos National Laboratory
Shahram Jamshidi, Altera
Shivam Swami, AMD
Soheil Salehi, The University of Arizona
Thomas Ford, Dell
William Ferguson, ethicallyHackingspace(eHs)
|
Amitabh Das, AMD
Arun Kanuparthi, Intel Corporation
Bruce Monroe, AMD
Hareesh Khattri, Intel Corporation
Jason Fung, Intel Corporation
Jason Oberg, Cycuity
Joe Jarzombek
Joerg Bormann, Siemens
JV Rajendran, Texas A&M University
Miltos Grammatikakis, Hellenic Mediterranean University
Mitchell Poplingher, Lockheed Martin
Mohan Lal, Nvidia
Nicole Fern, Keysight
Rachana Maitra, Marvell
Robert van Spyk, Nvidia
Sohrab Aftabjahani, Intel Corporation
Sylvain Guilley, Secure-iC
William Ferguson, ethicallyHackingspace(eHs)
|
… and many others who chose to remain anonymous.
Top HW Weaknesses Archive
More information is available — Please edit the custom filter or select a different filter.
|
